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Amendments to the Claims : 

1 . (Currently Amended) A method for dynamically creating a tunnel in a 
communications network to provide subscribers host access to a network service, comprising: 

storing a subscriber profile in a network database, wherein the subscriber profile 
includes subscriber-specific network service tunneling requkementsjpr a plurality of network 
services that are available to the subscriber, the network serv ice tunnelingncruirenicnts 
including information for identifying tunnel requ irements for each of those services; 

receiving at a network device a first subscriber data packet associated with a first 
network service; 

accessing the subscriber profile to determine if the first network service has a 
subscriber-specific tunneling requirement; and 

creating a first tunnel if a determination is made that the subscriber profile 
requires a first network service tunnel, wherein the first tunnel has a first end point at the 
network device and a second end point at the first network service^ 

receiving at th e n e twork devico a oocond subscrib e r data -pael cet associated ^withra 
s e cond rE tctwork servic e ; 

acocoping th e subscriber - profil e to doto i ininc - if th e s e cond n e twork servic e has a 
subscrib er - sp e cific tunneling requirement; and 

cr e ating a - s e eond tunn e l if a d e t ^ emination is mad e that the s « 
requir e s a s e cond - network service tunnel, wh e r e in th e s e coad tunn e l has a l lssfr 
notwork devic e and a Gocond end point at th e- s e oond network sorvi ee. 

2. (Original) The method of Claim 1, wherein storing a subscriber profile comprises 
storing at least one parameter chosen from the group consisting of the network access identifier, 
a user/subscriber name and a user/subscriber password. 
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3. (Original) The method of Claim 1, further comprising determining if a first tunnel 
between the network device and the first network service pre-exists prior to creating the tunnel 
between the network device and the first network service. 

A. (Original) The method of Claim 1, wherein more than one subscriber accessing the 
communication network through the network device can simultaneously trai ismit data packets to 
the first network service via the first tunnel. 

5. (Canceled) 

6. (Currently Amended) The method of Claim [[1]] 21 , further comprising determining if 
a second tunnel between the network device and the second network service pre-exists prior to 
creating the tunnel between the network device and the second network sen ice. 

7. (Currently Amended) The method of Claim [[!]] 2L, wherein the second tunnel is 
functional simultaneous with the functioning of the first tunnel. 

8. (Currently Amended) The method of Claim [[!]] 21, wherein the more than one 
subscriber accessing the communication network througji the network device can simultaneously 
transmit data packets to the first network service via the first tunnel and the second network 
service via the second tunneL 

9. (Currently Amended) A system for dynamically creating a tunnel in a communications 
network to provide a subscriber host access to a destination network, comprising: 

a storage device that stores a subscriber profile, wherein the subscriber profile 
includes subscriber-specific network service tunneling requirements for a -plurality of network 
services that are available to the subscriber, the network service tunneling, requirements 
including information for identifying tunnel requirements for each of those services; 
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means for receiving at a network device a first data packet associated with a first 



network service; 

means for accessing the subscriber profile to determine if the first network service 
has a subscriber-specific tunneling requirement; and 

means for creating a first tunnel if a determination is made that the subscriber 
profile requires a first network service tunnel, wherein the first tunnel has a first end point at the 
network device and a second end point at the first network service? 



at tho network device and a accond e nd point - at the second notwork service . 

10. (Original) The system of Claim 9, further comprising a means for determining if a 
first tunnel between the network device and the first network service pre-ex ists prior to creating 
the tunnel between the network device and the first network service. 

11. (Canceled) 

12. (Currently Amended) A network device that dynamically creates a tunnel in a 
communications network to provide a subscriber host access to a destination network, 
comprising: 



network service; 

a database accessed by the processor that stores a subscriber profile that defines 
fe& -subscriber-gpecific network service t unnel requirements for a plurality o f network services 




a processor that receives from a subscriber a data packet associated with a 
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* n n ntn m^ rnnnVn . the ^hscrib er-c p^ific network service tunnel requirements including 
information for identifying requi rements for estahlUhinr n tumid for each of those services; and 

a tunnel management module implemented by the processor that cornmxinicates 
with the database to determine if the subscriber requires a tunnel for access io the network 
service and, if a determination is made that the tunnel is required, the tunnel management 
module creates a tunnel access session between the network device and the i letwork service? 

wher e in - fee turai ek-aanagemont modulo ia capablo of creatin g moro than on e 
tuimol access ses s ion for simultaneous oubu u ib or qccobd to m orn th an one network oorvic e. 

13. (Original) The network device of Claim 12, further comprising :i session 
management module implemented by the processor that communicates with the database to 
manage the tunnel access session provided by the network device. 

14. (Original) The network device of Claim 12, wherein the tunnel management module 
determines if a tunnel between the network device and the network service pre-exists prior to 
creating the tunnel between the network device and the network service. 

15. (Canceled) 

16. (Original) The network device of Claim 12, wherein the tunnel management module 
is capable of providing simultaneous access to the tunnel access session to more than one 
subscriber accessing the communication network through the network device. 

17. (Original) The network device of Claim 16, forther comprising a session 
management module implemented by the processor that communicates with the database to 
manage the simultaneous tunnel access session provided to more than one subscriber accessing 
the communication network through the network device, 
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18. (Original) The network device of Claim 16, wherein the subscriber profile defines 
tunneling requirements for the more than one network services that the subscriber has been 
authorized to access. 

19. (Original) The network device of Claim 18, wherein the tunneling requirements are 
predefined by the subscriber. 

20. (Original) The network device of Claim 18, wherein the tunneling requirements are 
predefined by the network device administrator. 

2 1 - (New) The method of Claim 1 , further comprising; 

receiving at the network device a second subscriber data packet associated with a 

second network service; 

accessing the subscriber profile to determine if the second network service has a 
subscriber-specific tunneling requirement; and 

creating a second tunnel if a determination is made that the subscriber profile 
requires a second network service tunnel, wherein the second tunnel has a first end point at the 
network device and a second end point at the second network service. 

22. (New) The system of Claim 9, further comprising: 

means for receiving at the network device a second data packet associated with a 

second network service; 

means for accessing the subscriber profile to determine if thu second network 
service has a subscriber-specific tunneling requirement; and 

means for creating a second tunnel if a determination is made that the subscriber 
profile requires a second network service tunnel, wherein the second tunnel has a first end point 
at the network device and a second end point at the second network service , 
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23. (New) The network device of Claim 12, wherein Hie tuirael management module is 
capable of creating more than one tunnel access session for simultaneous subscriber access to 
more than one network service. 
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